From cfae6523be04d53151083930cff327b94f8702bb Mon Sep 17 00:00:00 2001
From: stelar7 <dudedbz@gmail.com>
Date: Tue, 26 Mar 2024 23:53:35 +0100
Subject: [PATCH] LibWeb: Implement skeleton of SubtleCrypto.sign

---
 .../LibWeb/Crypto/CryptoAlgorithms.h          |  5 ++
 .../Libraries/LibWeb/Crypto/SubtleCrypto.cpp  | 57 +++++++++++++++++++
 .../Libraries/LibWeb/Crypto/SubtleCrypto.h    |  1 +
 .../Libraries/LibWeb/Crypto/SubtleCrypto.idl  |  2 +-
 4 files changed, 64 insertions(+), 1 deletion(-)

diff --git a/Userland/Libraries/LibWeb/Crypto/CryptoAlgorithms.h b/Userland/Libraries/LibWeb/Crypto/CryptoAlgorithms.h
index 9cc6325a394..0ac9df25674 100644
--- a/Userland/Libraries/LibWeb/Crypto/CryptoAlgorithms.h
+++ b/Userland/Libraries/LibWeb/Crypto/CryptoAlgorithms.h
@@ -131,6 +131,11 @@ public:
         return WebIDL::NotSupportedError::create(m_realm, "decrypt is not supported"_fly_string);
     }
 
+    virtual WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> sign(AlgorithmParams const&, JS::NonnullGCPtr<CryptoKey>, ByteBuffer const&)
+    {
+        return WebIDL::NotSupportedError::create(m_realm, "sign is not supported"_fly_string);
+    }
+
     virtual WebIDL::ExceptionOr<JS::NonnullGCPtr<JS::ArrayBuffer>> digest(AlgorithmParams const&, ByteBuffer const&)
     {
         return WebIDL::NotSupportedError::create(m_realm, "digest is not supported"_fly_string);
diff --git a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.cpp b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.cpp
index 680b5d4151d..e0af98a4a25 100644
--- a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.cpp
+++ b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.cpp
@@ -463,6 +463,63 @@ JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> SubtleCrypto::export_key(Bi
     return verify_cast<JS::Promise>(*promise->promise());
 }
 
+// https://w3c.github.io/webcrypto/#dfn-SubtleCrypto-method-sign
+JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> SubtleCrypto::sign(AlgorithmIdentifier const& algorithm, JS::NonnullGCPtr<CryptoKey> key, JS::Handle<WebIDL::BufferSource> const& data_parameter)
+{
+    auto& realm = this->realm();
+    auto& vm = this->vm();
+    // 1. Let algorithm and key be the algorithm and key parameters passed to the sign() method, respectively.
+
+    // 2. Let data be the result of getting a copy of the bytes held by the data parameter passed to the sign() method.
+    auto data_or_error = WebIDL::get_buffer_source_copy(*data_parameter->raw_object());
+    if (data_or_error.is_error()) {
+        VERIFY(data_or_error.error().code() == ENOMEM);
+        return WebIDL::create_rejected_promise_from_exception(realm, vm.throw_completion<JS::InternalError>(vm.error_message(JS::VM::ErrorMessage::OutOfMemory)));
+    }
+    auto data = data_or_error.release_value();
+
+    // 3. Let normalizedAlgorithm be the result of normalizing an algorithm, with alg set to algorithm and op set to "sign".
+    auto normalized_algorithm = normalize_an_algorithm(realm, algorithm, "sign"_string);
+
+    // 4. If an error occurred, return a Promise rejected with normalizedAlgorithm.
+    if (normalized_algorithm.is_error())
+        return WebIDL::create_rejected_promise_from_exception(realm, normalized_algorithm.release_error());
+
+    // 5. Let promise be a new Promise.
+    auto promise = WebIDL::create_promise(realm);
+
+    // 6. Return promise and perform the remaining steps in parallel.
+
+    Platform::EventLoopPlugin::the().deferred_invoke([&realm, normalized_algorithm = normalized_algorithm.release_value(), promise, key, data = move(data)]() -> void {
+        HTML::TemporaryExecutionContext context(Bindings::host_defined_environment_settings_object(realm), HTML::TemporaryExecutionContext::CallbacksEnabled::Yes);
+        // 7. If the following steps or referenced procedures say to throw an error, reject promise with the returned error and then terminate the algorithm.
+
+        // 8. If the name member of normalizedAlgorithm is not equal to the name attribute of the [[algorithm]] internal slot of key then throw an InvalidAccessError.
+        if (normalized_algorithm.parameter->name != key->algorithm_name()) {
+            WebIDL::reject_promise(realm, promise, WebIDL::InvalidAccessError::create(realm, "Algorithm mismatch"_fly_string));
+            return;
+        }
+
+        // 9. If the [[usages]] internal slot of key does not contain an entry that is "sign", then throw an InvalidAccessError.
+        if (!key->internal_usages().contains_slow(Bindings::KeyUsage::Sign)) {
+            WebIDL::reject_promise(realm, promise, WebIDL::InvalidAccessError::create(realm, "Key does not support signing"_fly_string));
+            return;
+        }
+
+        // 10. Let result be the result of performing the sign operation specified by normalizedAlgorithm using key and algorithm and with data as message.
+        auto result = normalized_algorithm.methods->sign(*normalized_algorithm.parameter, key, data);
+        if (result.is_error()) {
+            WebIDL::reject_promise(realm, promise, Bindings::dom_exception_to_throw_completion(realm.vm(), result.release_error()).release_value().value());
+            return;
+        }
+
+        // 9. Resolve promise with result.
+        WebIDL::resolve_promise(realm, promise, result.release_value());
+    });
+
+    return verify_cast<JS::Promise>(*promise->promise());
+}
+
 SupportedAlgorithmsMap& supported_algorithms_internal()
 {
     static SupportedAlgorithmsMap s_supported_algorithms;
diff --git a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.h b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.h
index 074be20e91b..6db39dab3ee 100644
--- a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.h
+++ b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.h
@@ -29,6 +29,7 @@ public:
 
     JS::NonnullGCPtr<JS::Promise> encrypt(AlgorithmIdentifier const& algorithm, JS::NonnullGCPtr<CryptoKey> key, JS::Handle<WebIDL::BufferSource> const& data_parameter);
     JS::NonnullGCPtr<JS::Promise> decrypt(AlgorithmIdentifier const& algorithm, JS::NonnullGCPtr<CryptoKey> key, JS::Handle<WebIDL::BufferSource> const& data_parameter);
+    JS::ThrowCompletionOr<JS::NonnullGCPtr<JS::Promise>> sign(AlgorithmIdentifier const& algorithm, JS::NonnullGCPtr<CryptoKey> key, JS::Handle<WebIDL::BufferSource> const& data_parameter);
 
     JS::NonnullGCPtr<JS::Promise> digest(AlgorithmIdentifier const& algorithm, JS::Handle<WebIDL::BufferSource> const& data);
 
diff --git a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.idl b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.idl
index 9663a1e62e9..d7c457494f2 100644
--- a/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.idl
+++ b/Userland/Libraries/LibWeb/Crypto/SubtleCrypto.idl
@@ -47,7 +47,7 @@ dictionary JsonWebKey
 interface SubtleCrypto {
     Promise<any> encrypt(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource data);
     Promise<any> decrypt(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource data);
-    // FIXME: Promise<any> sign(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource data);
+    Promise<any> sign(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource data);
     // FIXME: Promise<any> verify(AlgorithmIdentifier algorithm, CryptoKey key, BufferSource signature, BufferSource data);
 
     Promise<any> digest(AlgorithmIdentifier algorithm, BufferSource data);